A security analyst receives an alert indicating that a workstation is sending outbound connections to a known malicious IP address. The analyst suspects a Trojan. Which tool is BEST for performing dynamic analysis of the suspicious binary?
A sandbox runs the binary in a controlled environment to monitor its actions.
Why this answer
Sandbox environments safely execute malware to observe behavior, making them ideal for dynamic analysis.